Skip to content

Releases: zaproxy/zap-extensions

Wappalyzer - Technology Detection version 21.19.0

03 Mar 10:39
@zapbot zapbot
wappalyzer-v21.19.0
c158300
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Wappalyzer - Technology Detection version 21.19.0

Changed

  • Updated with upstream Wappalyzer icon and pattern changes.
  • Maintenance changes.
Loading

Retire.js version 0.20.0

03 Mar 10:38
@zapbot zapbot
retire-v0.20.0
c158300
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Retire.js version 0.20.0

Changed

  • Updated with upstream retire.js pattern changes.
  • Alert Tags for CVEs now include standardized links.
Loading

Passive scanner rules (beta) version 32

03 Mar 14:26
@zapbot zapbot
pscanrulesBeta-v32
b5b2051
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Passive scanner rules (beta) version 32

Changed

  • Maintenance changes.

Fixed

  • The Cacheable scan rule should now be more tolerant when parsing s-max-age values.
Loading

Passive scanner rules (alpha) version 38

03 Mar 14:26
@zapbot zapbot
pscanrulesAlpha-v38
b5b2051
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Passive scanner rules (alpha) version 38

Fixed

  • Use case insensitive HTTP field name check in Insufficient Site Isolation Against Spectre Vulnerability scan rule.

Changed

  • Maintenance changes.
Loading

Passive scanner rules version 46

03 Mar 14:26
@zapbot zapbot
pscanrules-v46
b5b2051
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Passive scanner rules version 46

Changed

  • The PII Disclosure scan rule:
    • Now includes a solution statement.
    • Now more specifically portrays alert Evidence.
    • Now includes example alert functionality for documentation generation purposes (Issue 6119).
    • Will now only consider PDFs at Low threshold.
  • Maintenance changes.
  • The HeartBleed scan rule alert now includes a CVE tag.
  • Timestamp Disclosure scan rule now excludes values in "RateLimit-Reset", "X-RateLimit-Reset", and "X-Rate-Limit-Reset" headers (Issue 7747).

Fixed

  • The CSP Missing scan rule now alerts when the Content-Security-Policy header is missing, and when the obsolete X-Content-Security-Policy or X-WebKit-CSP are found (Issue 7653).
Loading

Automation Framework version 0.25.1

03 Mar 12:35
@zapbot zapbot
automation-v0.25.1
376a144
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Automation Framework version 0.25.1

Fixed

  • NPE when accessing active scan job.
Loading

Active scanner rules (beta) version 45

03 Mar 14:25
@zapbot zapbot
ascanrulesBeta-v45
b5b2051
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Active scanner rules (beta) version 45

Changed

  • Maintenance changes.
  • The Log4Shell scan rule alerts now include Alert References and Tags.
  • The Spring4Shell scan rule now includes a CVE Alert Tag and reference link.

Fixed

  • Use same non-default port in the HTTP Only Site scan rule.
Loading

Active scanner rules version 53

03 Mar 14:25
@zapbot zapbot
ascanrules-v53
b5b2051
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Active scanner rules version 53

Changed

  • Maintenance changes.
  • The SQL Injection Scan Rule filters reflected payload containing escaped characters like '&' and '"' before response content comparison to reduce false negatives.
Loading

Automation Framework version 0.25.0

28 Feb 12:56
@zapbot zapbot
automation-v0.25.0
db2ff10
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Automation Framework version 0.25.0

Added

  • Support for dynamically added header based session management method.

Fixed

  • Active scan would fail if threadsPerHost set to zero.

Changed

  • Maintenance changes.
Loading

Common Library version 1.14.0

24 Feb 18:35
@zapbot zapbot
commonlib-v1.14.0
6d08c69
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Common Library version 1.14.0

Fixed

  • Comparable Response functionality is now more robust and doesn't fail when processing types other than JSON Object (Issue 7736).
Loading